An access control system for use in connection with a data communication system, particularly a data processing system having a computer apparatus, at least one user terminal and a communication link for providing communication between the computer apparatus and the user terminal is comprised of a controller switch and a first programmed computer means. The controller switch is connected to permit transmission of electrical signals between the computer apparatus and the communication link. The first programmed computer means is connected to the controller switch for actuating the controller switch to connect the computer apparatus and the communication link only upon verification by the first programmed computer that an authorized user is operating the user terminal. The access control system also includes an accessor switch and a second programmed computer means. The accessor switch is connected to permit transmission of electrical signals between the user terminal and the communication link. The second programmed computer means is connected to the accessor switch for actuating the accessor switch to connect the user terminal and the communication link only upon verification by the first programmed computer means that an authorized user is operating the user terminal. The second programmed computer means communicates with the first programmed computer means to verify authorized user operation of the user terminal.
|
12. A method for controlling the access to a host computer from a user terminal via transmission means of a data processing system, comprising
(a) establishing a first communication link between a controller computer connected between the host computer and the transmission means and an accessor computer connected between the user terminal and the transmission means upon operation of the user terminal; (b) storing the same algorithm in said controller and accessor computers; (c) generating a random question signal in said controller computer; (d) transmitting said random question signal from said controller computer to said accessor computer; (e) generating a first answer signal in said controller computer in response to said random question signal; (f) generating a second answer signal in said accessor computer in response to said random question signal; (g) transmitting said second answer signal from said accessor computer to said controller computer; (h) comparing said first and second answer signals in said controller computer; and (i) establishing a second communication link between the user terminal and the host computer when the first and second answer signals are the same, thereby indicating that the user terminal is authorized to access the host computer.
1. A computer access control system for a data processing system including a host computer (14) to be accessed, at least one user terminal (16) for accessing the host computer, and transmission means (18) affording communication between the host computer and the user terminal, comprising
(a) controller switch means (42) connected between the transmission means and the host computer, said controller switch means being operable between a normal first position and a second position; (b) first computer means (44) connected with said controller switch means for switching said controller switch means between its first and second positions, respectively, said controller switch means when in its normal first position permitting transmission of electrical signals between the transmission means and said first computer means and said controller switch means when in its second position permitting transmission of electrical signals between the transmission means and the host computer; (c) accessor switch means (54) connected between the transmission means and the user terminal, said accessor switch means being operable between a normal first position and a second position; (d) second computer means (56) connected with said accessor switch means for switching said accessor switch means between its first and second positions, respectively, said accessor switch means when in its normal first position permitting transmission of electrical signals between the transmission means and the user terminal, said first and second computer means switching said controller and accessor switch means respectively to their first positions upon operation of the user terminal, thereby to permit transmission of electrical signals between said first and second computer means; (e) said first computer means including (1) memory means storing a given algorithm; and (2) microcomputer means for generating and transmitting a random question signal in response to operation of the user terminal; and (f) said second computer means including (1) memory means storing said given algorithm; and (2) microcomputer means for receiving said random question signal and for generating and transmitting an answer signal in response to said random question signal, said first computer microcomputer means also generating an answer signal in response to said random question signal, said first computer microcomputer means comparing said answer signals, said first computer means switching said controller switch means to its second position and said second computer means switching said accessor switch means to its second position when said answer signals are the same, thereby to permit transmission of electrical signals between the user terminal and the host computer. 2. Apparatus as defined in
3. Apparatus as defined in
4. Apparatus as defined in
5. Apparatus as defined in
6. Apparatus as defined in
7. Apparatus as defined in
8. Apparatus as defined in
9. Apparatus as defined in
10. Apparatus as defined in
11. Apparatus as defined in
|
The present application is related to U.S patent application Ser. No. 344,205, filed Jan. 29, 1982.
The present invention relates generally to a method and apparatus for controlling access to a data transmission system and, more particularly, to such a method and apparatus for use in connection with controlling user access to a computer or data processing system.
Security in data transmission systems including data communication systems, and particularly data processing systems, has grown to be of major concern in recent years due to the ever increasing reliance upon such systems by government, industry and the general public for the storage, manipulation, transmission and presentation of information of all kinds ranging from future business strategies and projected profits to sensitive military secrets. Controlling access to data processing systems is particularly important, not only to insure the continued confidentiality and integrity of the processed or stored information (such as military or trade secrets, financial records and private personnel records) and to reduce the risk of malicious manipulation or erasure of the information, but to prevent the "theft" or misuse of the valuable computing resource itself (i.e., theft of computer time).
One prevalent prior art approach to the problem of controlling access to data processing or computer systems has been to restrict system access to a class of authorized users. The computer is preprogrammed to challenge each attempted system user and only those users who are able to verify that they are authorized users are permitted access to the computer system. Verification is accomplished by issuing each authorized user a unique "password", which may consist of a particular word or number or the like and/or an identification (ID) number, and providing the computer system with a stored listing within its memory of all such passwords and/or ID numbers. The computer system requires each attempted user of a computer terminal to enter or otherwise supply a password and/or ID number, the supplied password and/or ID number is then checked against a stored listing of authorized passwords and/or ID numbers and the user is permitted continued connection and communication with the computer system only if the password and/or ID number supplied appears on the stored listing.
Many variations and improvements of the above-described password type security system have evolved as computer systems have become increasingly sophisticated. While such password type security systems have had some success in limiting access to computer systems, they are not infallible and individuals, who have a good working knowledge of such systems and access to commercially available terminal equipment, have been able to circumvent such security systems to obtain access to valuable computer resources and information stored within the computer systems.
Other prior art approaches to the problem of controlling access to data processing systems have involved the use of highly sophisticated cryptographic equipment. While such cryptographic equipment has proven to be extremely successful, it is relatively expensive to produce, employ and maintain (i.e., management of keys) and is generally commercially available for use only in conjunction with the most sophisticated and complex computer systems.
The present invention provides an efficient and inexpensive apparatus and method for restricting access to data transmission systems, particularly data processing systems, which is readily adaptable for use in connection with virtually all such systems without regard to size or sophistication.
Briefly stated, the present invention comprises a method and apparatus for controlling access to a data transmission system having a first transmission apparatus, at least a second transmission apparatus and transmission means for providing communication between the first transmission apparatus and the second transmission apparatus. The access control system is provided for controlling the access of the second transmission apparatus to the first transmission apparatus. The access control system comprises controller switch means, which is connected to the transmission means for permitting transmission of electrical signals between the first transmission apparatus and the transmission means, and first programmed computer means connected to the controller switch means for actuating the controller switch means to connect the first transmission apparatus and the transmission means only upon verification by the first programmed computer means that an authorized user is operating the second transmission apparatus. An accessor switch means is connected to the transmission means for permitting transmission of electrical signals between the second transmission apparatus and the transmission means and a second programmed computer means is connected to the accessor switch means for actuating the accessor switch means to connect the second transmission apparatus and the transmission means only upon verification by the first programmed computer means that an authorized user is operating the second transmission apparatus, the second programmed computer means communicating with the first programmed computer means to verify authorized user operation of the second transmission apparatus.
The foregoing summary, as well as the following detailed description of a preferred embodiment of the invention, will be better understood when read in conjunction with the appended drawings, in which:
FIG. 1 is a schematic block diagram of a data processing system including the access control system of the present invention;
FIG. 2 is a more detailed schematic block diagram of the controller apparatus portion of FIG. 1; and
FIG. 3 is a schematic block diagram of the system of FIG. 1 showing an alternate method for connecting the access controller of FIG. 1 into the data processing system employing an acoustic coupler.
Referring to FIG. 1, there is shown a schematic block diagram of a data processing system 10 which includes an access control system 12 in accordance with the present invention. The data processing system 10 includes a computer apparatus or host computer 14, which may be any conventional computing apparatus, such as a general purpose main frame computer, special purpose minicomputer or the like. The data processing system 10 also includes at least one standard transmission apparatus or input/output device, such as a user terminal 16 for permitting an operator to send information to and receive information from the host computer 14. As shown on FIG. 1, the user terminal 16 comprises a standard keyboard and cathode ray tube (CRT) display terminal of a type well known in the art and commercially available from a variety of manufacturers. A more detailed description of the structure and operation of the user terminal 16 may be obtained from any of the manufacturers. It should be understood that the present invention is not limited to the particular type of user terminal shown and could also be employed in connection with any other suitable type of input/output device, such as a standard teletype terminal, card reader, paper tape reader, personal or other computer or the like.
The data processing system 10 further includes a communication link or transmission means 18 for providing communication between the host computer 14 and the user terminal 16. In the present embodiment, the user terminal 16 is a remote terminal located at a facility away from the computer apparatus 14. The communication link or transmission means 18 comprises an originate or terminal modem 20 and an answer or computer modem 22, which convert the digital data and control signals from the user terminal 16 and host computer 14, respectively, into suitable analog signals which are then modulated for passage between the modems 20 and 22 via a suitable communications means 24, such as microwave transmission, telephone line or any other conventional communication system. The modems 20 and 22 also receive the modulated signals from, for example, the telephone line generally designated 24, demodulate them and convert them back to digital signals which are then forwarded to the user terminal 16 and host computer 14, respectively. The modems 20 and 22 are of a standard type which are well known in the art and commercially available from various manufacturers. A detailed description of the structure and operation of the modems 20 and 22 is readily available from the manufacturers. It will also be appreciated by those skilled in the art that any other suitable transmission means may be substituted for the modems 20 and 22 and telephone system 24 as shown on FIG. 1 without departing from the scope of the present invention as long as appropriate interfacing is employed.
In a typical prior art data processing system, the host computer 14 is connected to the computer modem 22 by means of a suitable multi-conductor cable (shown in phantom as 26) having standard complementary connector components 27 and 27' each end which interengage (as shown in phantom) to form a complete circuit between the host computer 14 and the terminal modem 22. Similarly, the user terminal 16 is typically connected to the terminal modem 20 by means of a multi-conductor cable (shown in phantom as 28) having suitable standard complementary connector components 29 and 29' on each end which interengage to provide a complete circuit as shown between the user terminal 16 and the terminal modem 20. Also, in the typical prior art system, such multi-conductor cables comprise a 25-conductor cable having suitable RS-232C complimentary connectors on each end thereof. The present invention is particularly suited for installation into such a data processing system employing such RS-232C connectors for connecting the computer apparatus 14 and user terminal 16 to their respective modems 22 and 20.
The access control system 12 of the present invention comprises a generally permanently installed controller apparatus or lock 30 and a small, relatively portable plug-in accessor apparatus or key 32. The controller apparatus 30 and the accessor apparatus 32 are conveniently connected in series between the computer apparatus 14 and its modem 22 and the user terminal 16 and its modem 20, respectively. As shown, the controller apparatus 30 and the accessor apparatus 32 each include suitable RS-232C connectors 34 and 36 and 38 and 40, respectively, which permit the controller apparatus 30 and accessor apparatus 32 to be conveniently installed in any typical existing data processing system by simply disconnecting the existing RS-232C type multi-conductor cable connections (27-27' and 29-29', respectively) and inserting the controller apparatus 30 and accessor apparatus 32 in series in the manner as indicated in FIG. 1.
The controller apparatus 30 is comprised of two primary components, a switch means or controller switch 42 and a first programmed computer means or controller computer 44. A detailed description of the structure and operation of the controller computer 44 will hereinafter be presented. For the present, suffice it to say that the controller computer 44 is a preprogrammed microcomputer system capable of verifying whether the operator of the user terminal 16 is an authorized user and of controlling the actuation of the controller switch 42 to permitt access to the host computer 14 upon verification of authorized terminal operators.
Likewise, a more detailed description of the structure and operation of the controller switch 42 will hereinafter be presented. For the present, suffice it to say that the controller switch 42 comprises a programmable switch which is actuated by the controller computer 44 in functionally the same manner as a relay to in effect connect the output of the computer modem 22 to either the controller computer 44 or the host computer 14. The controller switch 42 is connected through interfacing (hereinafter described) directly to the modem 22 by a plurality of conductors or lines 46 (only one of which is shown for clarity). As shown, not all of the lines coming from the modem 22 pass through the controller switch 42, some of the lines 47 (only one of which is shown for clarity) being connected directly between the two connectors 34 and 36. The controller switch 42 may be actuated to connect line 46 to either the controller computer 44 by means of a plurality of lines 48 (only one of which is shown for clarity), or to the host computer 14 by way of a plurality of lines 50 (only one of which is shown for clarity) depending upon which of the two positions the controller switch 42 is actuated. A control line 52 connects the controller computer 44 to the controller switch 42 for permitting the controller computer 44 to actuate the controller switch 42 to connect the computer modem 22 directly to the host computer 14. Whenever the transmission means 18 is inactive, the controller computer actuates the controller switch 42 to connect the computer modem 22 to the controller computer 44. The controller switch 42 remains in this position until actual verification of an authorized user of the user terminal 16 occurs.
Functionally, when the controller switch 42 is actuated into a first position, the lines 46 from the computer modem 22 are connected only to the controller computer 44 via lines 48, the host computer 14 being effectively removed from the circuit (except for lines 47 which are employed to perform normal interfacing between the host computer 14 and the computer modem 22). Correspondingly, when the controller switch 42 is actuated into the second position, the lines 46 from the computer modem 22 are connected to the host computer 14 by way of lines 50, the controller computer 44 being effectively electrically removed from the circuit. In this manner, with the controller switch 42 in the first position, a user terminal 16 attempting to gain access to the host computer 14 is effectively prevented from doing so until such time as the controller computer 44 verifies that the user terminal is authorized to obtain access to the host computer 14 and actuates the controller switch 42 to its second position, thereby completing the circuit between the user terminal 16 and the host computer 14.
The accessor apparatus 32 similarly comprises two primary components; an accessor switch means or accessor switch 54 and a second programmed computer means or accessor computer 56, both of which are structurally and functionally the same as the controller switch 42 and controller computer 44, respectively. The accessor switch 54 is connected by a plurality of lines 58 (only one of which is shown for clarity) through the connection 38/29 directly to the terminal modem 20. As shown, not all of the lines from the terminal modem 20 pass through the accessor switch 54, some of the lines 59 (only one of which is shown for clarity) being connected directly between the two connectors 38 and 40. The accessor switch 54 operates in the same manner as the controller switch 42 to connect the terminal modem 20 to either the accessor computer 56, by means of a plurality of lines 60 (only one of which is shown for clarity) when the accessor switch 54 is in its first position or to the user terminal 16 by means of a plurality of lines 62 (only one of which is shown for clarity) when the accessor switch 54 is actuated into its second position. As with the controller switch 42, the accessor switch 54 is actuated into either one of its two positions by control signals from the accessor computer 56, which are transmitted to the accessor switch 54 by way of line 64.
In order to aid in the understanding of the present invention, a discussion of the operation of the access controller system will now be presented. When an operator of the user terminal 16 attempts to gain access to the host computer 14, a carrier signal is initially sent from the computer modem 22 through the telephone line 24 to the terminal modem 20 to which the terminal modem 20 responds with its carrier to establish communication. At this point in time, the controller switch 42 is in its first position, whereby signals from the computer modem 22 are transmitted directly to the controller computer 44 and the host computer 14 is effectively isolated from such signals. Upon receipt of the carrier signal, the controller computer 44 transmits an initial message signal from its memory through the controller switch 42 and communications link 18 to the accessor apparatus 32. The initial message signal transmitted by the controller computer 44 is in the form of an ASCII code message and serves as a first check to determine whether or not an accessor apparatus 32 is present in the circuit and properly connected to the other end of the terminal modem 20. If an accessor apparatus 32 is present and properly connected as shown, the ASCII code message is received by the accessor computer 56 and is echoed or retransmitted back to the controller computer 44. If no accessor apparatus 32 is present in the system, the ASCII code message from the controller computer 44 is printed out on the user terminal screen to indicate to the terminal operator that the operator is not authorized to access the host computer 14 and the telephone connection between the modems 20 and 22 is severed, in a manner well known in the art.
If an accessor apparatus 32 is present and the ASCII code message is properly echoed back to the controller computer 44, the controller computer 44 then generates a signal in the form of a "question" comprised of a random sequence of characters or numbers. The random question is then transmitted to the accessor computer 56. To provide additional security, the individual characters of the randon question may also be transmitted to the accessor computer 56 at a baud rate, varying on a character by character basis. The accessor computer 56 receives and stores each of the random question characters received from the controller computer 44.
Both the controller computer 44 and the accessor computer 56 are preprogrammed with the exact same basic algorithim to provide a unique access code for the system. The controller computer 44 and the accessor computer 56 both simultaneously operate on the random question characters to perform various manipulations utilizing the internal registers of the respective computers in accordancae with the preprogrammed algorithim to each generate a unique "answer", which is comprised of a similar signal in the form of a sequence of characters. Since the random question and the algorithim are the same for both computers, both computers 44 and 56 generate the exact same unique answer (assuming that no outside interference is present in the system). The use of a random question and the generation of the unique answers provides enhanced security over the use of a fixed or stored answer, as was done by prior art systems.
Once the generation of the two answers has been completed, the accessor computer 56 transmits its unique answer to the controller computer 44. Again, the answer from the accessor computer 56 may be transmitted at a variable baud rate on a character by character basis to provide additional security. The controller computer 44 receives and stores the answer from the accessor computer 56 and thereafter makes a detailed bit by bit comparison of the accessor computer answer with its own internally generated answer. The number of incorrect bit comparisons is tabulated by the controller computer 44. If no errors occur during the comparison, the controller computer 44 actuates the controller switch 42 to connect the host computer 14 to the computer modem 22. Simultaneously, the controller computer 44 sends a signal to the accessor computer 56 indicating that no errors were found during the comparison and the accessor computer 56 actuates the accessor switch 54 to connect the user terminal 16 to the terminal modem 20. In this manner, the controller computer 44 and the accessor computer 56 are effectively electrically removed from the circuitry, and the communication path between the user terminal 16 and the host computer 14 is completed, thereby allowing normal usage of the data processing system 10 without a need for further verification. With the controller computer 44 and access computer 56 removed from the circuitry during transmission of data between the host computer 14 and user terminal 16, no transients or other interference is introduced from the access control system 12 into the data processing system. In addition, both the controller computer 44 and the accessor computer 56 are free to perform other functions, such as self-diagnostics, without interfering with the user terminal 16, host computer 14 or the communication link 24.
If errors are encountered during the comparison of the two answers, the controller computer 44 does not actuate the controller switch 42 and the user terminal 16 is effectively prevented from accessing the host computer 14. A variable stall feature based upon the number of errors encountered during the comparison determines how soon thereafter the user terminal 16 is permitted to again attempt to access the host computer 14. If the number of errors encountered during the comparison is small, indicating that the errors may be due to extraneous factors, such as line noise or the like, the user terminal 16 will be permitted to attempt to retry accessing the host computer 14 in a relatively short period of time, for example, five seconds. However, if the number of errors encountered by the comparison is large, the user terminal 16 will be prevented from attempting to access the host computer 14 for a substantial period of time, on the order of several minutes.
Referring now to FIG. 2, there is shown a more detailed schematic block diagram of the controller apparatus 30 of FIG. 1. The accessor apparatus 32 is structurally the same as the controller apparatus with one small difference which will be described hereinafter. As discussed above, the controller apparatus 30 includes a controller switch 42 and various other components (which will be described hereinafter) which combine to form the controller computer 44. In the present embodiment, the controller switch 42 comprises a 74LS157 programmable switch which is commercially available from Texas Instruments and other component manufacturers.
The heart of the controller computer 44 is a microcomputer 70, which in this embodiment comprises a single component 8-bit microcomputer, for example, an Intel 8048 family microcomputer. A detailed discussion of the structure and operation of the 8-bit microcomputer 70 can be readily obtained from the component manufacturer. The controller apparatus 30 differs from the accessor apparatus only in stored program memory.
The controller computer 44 further includes a programmable read only memory or PROM 72, which in the present embodiment comprises a programmable device manufactured by Intel and identified by manufacturer's number 2716. The PROM 72 is a relatively permanent storage device within which is stored all of the program memory for use by the microprocessor 70, including the algorithim and the supervisory software. It is expected that the programming of all of the PROMS which will be employed in connection with a particular controller apparatus 30 and any number of accessor apparatus 32 will all be accomplished at the same time with the same software by a programming computer (not shown) in a manner well known in the art. In this manner, a controller apparatus 30 and a plurality of accessor apparatus 32 may be programmed with the same algorithm to provide a unique "lockset" which is different from other sets of controller apparatus 30 and accessor apparatus 32 having different algorithms.
An address latch 74 is also provided for the purpose of storing address information from the microprocessor 70 for use by the PROM 72 and other components. The address latch 74 is a Texas Instruments 74LS373 component, which is commercially available and known to those skilled in the art.
The controller computer 44 also includes a display for indicating the status of the access control system 12. The display comprises a light emitting diode (LED) driver 76 which is suitably connected to a plurality of light emitting diodes (LEDs) collectively shown as 78. The LED driver 76 is a standard 74LS259 component, which is commercially available from Fairchild or other component manufacturers. The purpose of the LED driver 76 is to receive and decode address information from the address latch 74 by way of lines 79a-c and to light one or more of the LEDs 78 by way of lines 78'a-f upon receipt of a write strobe WR from the microprocessor 70. For example, the "carrier" LED is lit wherever a carrier is received by the computer modem 22 and the "illegal" LED is lit whenever unacceptable access to the host computer is attempted.
A suitable crystal controlled clock 80 connected to the microcomputer 70 by lines 81 is provided to run the microcomputer 70 and to provide timing pulses for establishing the various baud rates.
The controller computer 44 also includes a suitable RS-232C to TTL interface 82 and a suitable TTL to RS-232C interface 84 for the purpose of making the requisite level adjustments to the signals passing through the controller switch 42. In the present embodiment the receive interface 82 comprises a MC 1489 component and the transmit interface 84 comprises a MC 1488 component, both components being manufactured by Motorola.
The various above described components of the controller computer 44 are all generally well known standard components which are readily obtainable from one or more semiconducter manufacturers. A detailed discussion of the structure and operation of the these components will not be presented here. Such information is readily obtainable from the particular component manufacturers.
For the sake of clarity, all of the multiple conductors lines on FIG. 2 have been shown as a single line with a numeral inserted above the line for the purpose of showing how many conductors the single line actually represents. For example, line 47 between switch terminals 34 and 36 actually represents 20 conductors as shown. In addition, subscript letters will be employed when describing multiple conductor lines for clarity.
Line 46 is actually composed of three lines; a received data line (RD) 46a, a transmit data line (TD) 46b and a data terminal ready line (DTR) 46c. When the controller switch 42 is in its first position, all three of the lines 46a-c are connected to the input/output ports (P24-26) of the microcomputer 70 by way of lines 48a-c as shown. A fourth line 52 also connects the controller switch 42 and port P27 of the microcomputer 70 for the purpose of permitting the microcomputer 70 to actuate the controller switch 42. A carrier detect line 86 is connected from the connector 36 to the T0 input port of the microcomputer 70. The carrier detect line 86 also extends to connector 34.
The controller computer 44 employs a standard multiplex address/data bus 88 which is connected by lines 71a-h to the data bus terminals (DB0-7) of the microcomputer 70 for the purpose of passing address information and data into and out of the microcomputer 70. The PROM 72, address latch 74 and LED driver 76 are all suitably connected to the address/data bus 88 by lines 73a-h, 75a-h and 71, respectively, as shown. The address latch 74 and LED driver 76 receive signals from the address/data bus 88 when the microcomputer 70 sends an address latch enable (ALE) signal along line 74' or a write (WR) signal, respectively, to these devices. Likewise, the PROM 72 places data (i.e, instructions) on the address/data bus 88 for transmission to the microcomputer 70 upon receipt of a program store enable (PSEN) signal from the microcomputer, as schematically indicated above the PROM 72.
In operation of the circuit in FIG. 2, when a user terminal 16 attempts to access the host computer 14, a carrier detect (CD) signal from the computer modem 22 is received at the input port T0 of the microcomputer 70. The CD signal causes the microcomputer 70 to transmit the above described initial ASCII code message along the transmit data (TD) line 46a to the accessor computer 56 in the matter described above. If the accessor computer 56 is present, it will echo the ASCII code message back to the controller computer 44. The echoed message is received by the microcomputer 70 along the received data (RD) line 46b. Upon receipt of the echoed message, the microcomputer 70 transmits the above-described random question along the TD line to the accessor computer 56 in the manner described above. At the same time, the microcomputer 70 obtains the stored algorithim from the PROM 72 and applies the algorithim to the random question as described above. When the accessor computer 56 has completed its application of the same algorithim to the random question, the accessor computer answer is transmitted to the microcomputer 70 along the RD line 46b. The microcomputer 70 then makes the internal bit by bit comparison of the two answers and compiles the number of incorrect bits in the manner described above. If no errors occur during the comparison, the microcomputer 70 actuates the controller switch 42 (by means of line 52) to connect the RD, TD and DTR lines 46a-c to the connector 34 (by means of three individual lines shown collectively as 50a-c) and sends a signal to the accessor computer 56 to indicate that no errors were found. The accessor computer 56 then actuates the accessor switch 54 as described above to complete the link between the user terminal 16 and the host computer 14.
In order to provide additional security, the controller computer 44, as generally designated in FIG. 2, also includes a user code extension feature, which has the capability of modifying the operation of the basic algorithim (which is permanently stored in the PROM 72) to provide for a different unique operation upon the random question. The user code extension feature is provided by means of an encoding apparatus external to the stored algorithm such as DIP (dual-in-line package) switches 90 which are comprised of 14 individual switches contained in two DIP packages of a type which are generally commercially available. By selecting different combinations of switch settings of the 14 switches, each switch having two possible positions, it is possible to provide a total of 16,384 different setting combinations. In addition to further confusing potential unauthorized attempts to access the host computer 14, the user code extension feature permits variations to be made in the access control system 12 without having to provide a new algorithim. This feature is particularly useful when one of the accessor apparatus 32 of a multiple set is lost or falls into the hands of a unauthorized user. By simply changing the dip switch settings of the controller computer 44 and all of the accessor computers 56 remaining in the hands of authorized users, the unauthorized user holding the lost or stolen accessor apparatus 32 but not knowing the new DIP switch settings is effectively prevented from gaining access to the host computer 14. As shown on FIG. 2, eight switches of the DIP switch 90 are connected by lines 91a-h directly into ports 10 through 17 of the microcomputer 70. Outputs from the other six switches of DIP switch 90 are connected by lines 93a-f to a buffer 92 and are transmitted to the address/data bus 88 along lines 95a-f when a read strobe (RD) is provided to the buffer 92 by the microcomputer 70, as schematically indicated adjacent the buffer 92.
A power supply 94 including a precision regulator (not shown) is also provided for the purpose of supplying various regulated voltages to the above-described components as required. For purposes of clarity in FIG. 2, the power supply 94 is not shown as being directly connected to the various components, it being understood that the output lines from the power supply 94 are in actuality connected to all of the various components as required. A complete discussion of the structure and operation of the power supply will not be presented, as power supplies of this type are well known to those skilled in the art.
As a further enhancement to the above-described access control system 12, the accessor computer of each individual accessor apparatus 32 may be preprogrammed to maintain in storage (PROM 72) a unique identifier such as a serial number or ID number. Correspondingly, the controller computer 44 may be programmed to query or pole the accessor computer 56 (either before or after the transmission and receipt of the random question), to determine exactly which accessor apparatus 32 is attempting to access the host computer 14. The identifier information from the accessor apparatus 32 could then be transferred to the host computer 14 for various further uses. One such use of the identifier information would be to maintain a log of the total computer time utilized by a particular accessor apparatus 32 (i.e., the individual controlling the particular accessor apparatus) for billing or other record keeping purposes. Another use of such identifier information would be to allow the host computer 14 to regulate the amount of computer time to be allocated to a particular individual, for example on a weekly or monthly basis or to regulate the information available to the particular operator. Another use of such identifier information is to selectively allow or disallow certain accessor apparatus 32 from accessing selected portions of the host computer 14 or to identify specific lost or stolen accessor apparatus 32.
FIG. 3 shows a slight variation of the accessor apparatus portion of the access control system 12 of FIG. 1. The accessor apparatus 132 of FIG. 3 is employed in connection with a user terminal 116 having an acoustical telephone cup connection 129, rather than the RS-232C type connection described above in relation to FIG. 1. The controller apparatus 30, host computer 14 and computer modem 22 remain the same as in FIG. 1.
As shown on FIG. 3, the accessor apparatus 132 includes a telephone type receiver 133 for interfacing with the acoustic telephone cup connector 129. The telephone receiver 133 is connected by a line 135 and a standard telephone type connector such as a modular connector (not shown) to the accessor apparatus 132 through a suitable interfacing modem 137. Correspondingly, the accessor apparatus 132 is connected through a suitable interfacing modem 139 and line 147 to a second acoustical telephone cup coupling 141. The handset 143 of a standard telephone 145 is employed to provide a telephone line 124 connection to the computer modem (not shown) and the remaining portions of the data processing system 10 in the same manner as shown on FIG. 1. Alternatively, the standard telephone 145 could be wired directly to the modem 139 (without employing the handset 143) by utilizing standard telephone type connectors, such as modular connectors (not shown) on each end of line 144.
From the foregoing description and the accompanying figures, it can be seen that the present invention provides an economical and efficient method and apparatus for controlling access to a data transmission system, particularly a data processing system. It will be recognized by those skilled in the art that changes or modifications may be made to the above-described embodiment without departing from the broad inventive concepts of the invention. It is understood, therefore, that this invention is not limited to the particular embodiment described, but it is intended to cover all changes and modifications which are within the scope and spirit of the invention as set forth in the appended claims.
Goszyk, Kurt A., Kulczyckyj, Antin U.
Patent | Priority | Assignee | Title |
4672533, | Dec 19 1984 | COMMUNICATIONS LINK CONTROL,INC | Electronic linkage interface control security system and method |
4675815, | Feb 18 1983 | Fujitsu Limited | Transaction safety system for falsely indicating successful completion of illegal transaction |
4679226, | Jun 17 1985 | Alltel Corporation | Computer security guard circuit |
4680788, | Aug 31 1983 | Data General Corporation | Microprocessor based control and switching device |
4685124, | Apr 30 1985 | Data General Corporation | Microprocessor based control and switching device |
4779224, | Mar 12 1985 | OPTIMUM ELECTRONICS, INC , A CORP OF CT | Identity verification method and apparatus |
4791565, | Jun 20 1984 | Effective Security Systems, Inc. | Apparatus for controlling the use of computer software |
4803312, | May 16 1986 | Asecom S.C.L. | Interface between personal computer and telex communication system |
4815031, | Sep 02 1985 | NEC Corporation | Method for granting a request to authorized data terminal users accessing from any locations |
4866666, | Oct 29 1984 | Method for maintaining data integrity during information transmission by generating indicia representing total number of binary 1's and 0's of the data | |
4907268, | Nov 03 1986 | Secure Computing Corporation | Methods and apparatus for controlling access to information processed a multi-user-accessible digital computer |
4965721, | Mar 31 1987 | HONEYWELL BULL INC , 3800 WEST 80TH STREET, MINNEAPOLIS, MINNESOTA 55431, A CORP OF DE | Firmware state apparatus for controlling sequencing of processing including test operation in multiple data lines of communication |
5014234, | Aug 25 1986 | NCR Corporation | System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software |
5050207, | Nov 03 1989 | National Transaction Network, Inc. | Portable automated teller machine |
5115508, | May 22 1984 | Sharp Kabushiki Kaisha | Password system utilizing two password types, the first being changeable after entry, the second being unchangeable until power is removed |
5126728, | Jun 07 1989 | HALL, DONALD R | ADP security device for labeled data |
5142565, | Jun 14 1989 | MARSHALL NETWORK SECURITY, LLC | Controller for managing data communication with a host computer for the purpose of user verification by voice processing |
5157717, | Nov 03 1989 | DIRECT RADIOGRAPHY CORP | Portable automated teller machine |
5212774, | Dec 09 1988 | Dallas Semiconductor Corporation | Two processor communications system with processor controlled modem |
5230071, | Aug 13 1987 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method for controlling the variable baud rate of peripheral devices |
5276884, | Jun 21 1988 | Amdahl Corporation | Controlling the initiation of logical systems in a data processing system with logical processor facility |
5481720, | May 15 1989 | International Business Machines Corporation | Flexible interface to authentication services in a distributed data processing environment |
5499372, | Oct 05 1989 | Avant Guardian Limited | Method of controlling access to restricted access data and communication system therefor |
5655077, | Dec 13 1994 | Microsoft Technology Licensing, LLC | Method and system for authenticating access to heterogeneous computing services |
5708908, | Jun 22 1990 | Minolta Co., Ltd. | Copying machine control system with improved reliability of communication function among copying machiines and centralized control unit |
5809118, | May 30 1996 | SPYCURITY LLC | System and method for triggering actions at a host computer by telephone |
5881226, | Oct 28 1996 | CALLAHAN CELLULAR L L C | Computer security system |
5890029, | Jun 22 1990 | Minolta Co., Ltd. | Copying maching control system with improved reliability of communication function among copying machines and centralized control unit |
6012101, | Jan 16 1998 | CLEARCUBE TECHNOLOGY, INC | Computer network having commonly located computing systems |
6038616, | Dec 15 1997 | CLEARCUBE TECHNOLOGY, INC | Computer system with remotely located interface where signals are encoded at the computer system, transferred through a 4-wire cable, and decoded at the interface |
6119146, | May 04 1998 | CLEARCUBE TECHNOLOGY, INC | Computer network having multiple remotely located human interfaces sharing a common computing system |
6167519, | Nov 27 1991 | Fujitsu Limited | Secret information protection system |
6286105, | Apr 01 1998 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Method for implementing link-level security to enforce access privileges |
6385666, | Dec 15 1997 | CLEARCUBE TECHNOLOGY, INC | Computer system having remotely located I/O devices where signals are encoded at the computer system through two encoders and decoded at I/O devices through two decoders |
6425000, | May 30 1996 | SPYCURITY LLC | System and method for triggering actions at a host computer by telephone |
6609206, | Feb 05 1999 | CALLAHAN CELLULAR L L C | Computer security system |
6708247, | Jul 21 1999 | GOOGLE LLC | Extending universal serial bus to allow communication with USB devices at a remote location |
6735658, | Oct 06 2000 | ClearCube Technology, Inc. | System and method for combining computer video and remote universal serial bus in an extended cable |
6816925, | Jan 26 2001 | Dell Products L.P. | Combination personal data assistant and personal computing device with master slave input output |
6886055, | Dec 15 1997 | ClearCube Technology, Inc. | Computer on a card with a remote human interface |
6971027, | Apr 01 1999 | HANGER SOLUTIONS, LLC | Computer security system |
7020628, | Jan 16 1998 | SBC HOLDINGS PROPERTIES, L P ; AMERITECH PROPERTIES, INC ; SBC PROPERTIES, L P | Method and system for tracking computer system usage through a remote access security device |
7043748, | Dec 15 1997 | ClearCube Technology, Inc. | Computer network comprising computing systems with remotely located human interfaces |
7069368, | Dec 01 2000 | ClearCube Technology, Inc. | System of co-located computers in a framework including removable function modules for adding modular functionality |
7124203, | Jul 10 2000 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Selective cache flushing in identity and access management systems |
7181421, | Jan 16 1998 | SBC Properties, L.P. | Method and system for tracking computer system usage through a remote access security device |
7185364, | Mar 21 2001 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Access system interface |
7194764, | Jul 10 2000 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | User authentication |
7225256, | Nov 30 2001 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Impersonation in an access system |
7231661, | Jun 21 2001 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Authorization services with external authentication |
7249369, | Jul 10 2000 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Post data processing |
7328261, | Nov 21 2001 | GOOGLE LLC | Distributed resource manager |
7398311, | Jul 10 2000 | Oracle International Corporation | Selective cache flushing in identity and access management systems |
7447191, | Aug 20 2001 | WSOU Investments, LLC | Ghost network built using data transmission via phantom mode |
7458096, | Mar 21 2001 | Oracle International Corpration | Access system interface |
7464162, | Jul 10 2000 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Systems and methods for testing whether access to a resource is authorized based on access information |
7630974, | Sep 28 2004 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Multi-language support for enterprise identity and access management |
7631086, | Sep 30 2003 | SPYCURITY LLC | Virtual dedicated connection system and method |
7765298, | Nov 30 2001 | Campbell ERS LLC | Impersonation in an access system |
7814536, | Jul 10 2000 | Oracle International Corporation | User authentication |
7882132, | Oct 09 2003 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Support for RDBMS in LDAP system |
7904487, | Oct 09 2003 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Translating data access requests |
8661539, | Jul 10 2000 | Oracle International Corporation; ORACLE, USA; Oracle Corporation | Intrusion threat detection |
8688813, | Jan 11 2006 | Oracle International Corporation | Using identity/resource profile and directory enablers to support identity management |
8935418, | Mar 21 2001 | Oracle International Corporation | Access system interface |
9038170, | Jul 10 2000 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Logging access system events |
9053316, | Oct 28 1996 | CALLAHAN CELLULAR L L C | Secure access computer system |
9674180, | Jan 11 2006 | Oracle International Corporation | Using identity/resource profile and directory enablers to support identity management |
RE34161, | Oct 04 1985 | Nintendo Company Limited | Memory cartridge and information processor unit using such cartridge |
Patent | Priority | Assignee | Title |
3761883, | |||
3798605, | |||
3958081, | Feb 24 1975 | International Business Machines Corporation | Block cipher system for data security |
3962539, | Feb 24 1975 | International Business Machines Corporation | Product block cipher system for data security |
4158834, | Apr 06 1977 | Shinko Electric Co., Ltd. | Data buffer for a label reader system including a data processor |
4213118, | Nov 08 1976 | UNIQEY LOCK COMPANY | Combination changing system and method |
4218738, | May 05 1978 | International Business Machines Corporation | Method for authenticating the identity of a user of an information system |
4218740, | Oct 30 1974 | Motorola, Inc. | Interface adaptor architecture |
4227253, | Dec 05 1977 | International Business Machines Corporation | Cryptographic communication security for multiple domain networks |
4257031, | Jul 18 1979 | The Bendix Corporation | Digital remote control system |
4281215, | May 03 1978 | Atalla Technovations | Method and apparatus for securing data transmissions |
4296404, | Oct 18 1979 | TANKNOLOGY ENGINEERED SYSTEMS, INC , A CORP OF DE , DBA ENGINEERED SYSTEMS, INC | Remote verification lockout system |
4317957, | Mar 10 1980 | System for authenticating users and devices in on-line transaction networks | |
4375032, | Feb 07 1980 | Omron Tateisi Electronics Co. | Transaction processing system |
4386266, | Feb 11 1980 | International Business Machines Corporation | Method for operating a transaction execution system having improved verification of personal identification |
4408203, | Jan 09 1978 | MasterCard International Incorporated | Security system for electronic funds transfer system |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Mar 22 1982 | Exide Electronics Corporation | (assignment on the face of the patent) | / | |||
Mar 22 1982 | KULCZYCKYJ, ANTIN U | EXIDE ELECTRONICS CORPORATION, A CORP OF DE | ASSIGNMENT OF ASSIGNORS INTEREST | 004000 | /0117 | |
Mar 22 1982 | GOSZYK, KURT A | EXIDE ELECTRONICS CORPORATION, A CORP OF DE | ASSIGNMENT OF ASSIGNORS INTEREST | 004000 | /0117 | |
Aug 30 1985 | Exide Electronics Corporation | CITICORP INDUSTRIAL CREDIT, INC | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 004539 | /0962 | |
Jan 29 1988 | CITICORP NORTH AMERICA, INC | Exide Electronics Corporation | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 004847 | /0977 | |
Feb 01 1988 | EXIDE ELECTRONICS CORPORATION, A CORP OF DE | BANCBOSTON FINANCIAL COMPANY | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 004846 | /0308 | |
Feb 01 1990 | BANCBOSTON FINANCIAL COMPANY | EXIDE ELECTRONICS CORPORATION, A CORP OF DE | RELEASED BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 005268 | /0693 | |
Apr 30 1990 | FIRST NATIONAL BANK OF BOSTON | EXIDE ELECTRONICS CORPORATION A CORP OF DELAWARE | RELEASED BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 006054 | /0853 | |
Apr 30 1990 | Exide Electronics Corporation | FIRST NATIONAL BANK OF BOSTON, THE | SECURITY INTEREST SEE DOCUMENT FOR DETAILS | 005294 | /0570 | |
Nov 21 1991 | EXIDE ELECTRONICS CORPORATION, A DE CORP | FIRST UNION NATIONAL BANK OF NORTH CAROLINA | ASSIGNMENT OF ASSIGNORS INTEREST | 005933 | /0720 | |
Jan 16 1992 | CITICORP USA , INC DE CORP MERGED INTO | CITICORP INDUSTRIAL CREDIT, INC A DE CORP | MERGER SEE DOCUMENT FOR DETAILS EFFECTIVE ON 10 28 1987DE | 006066 | /0607 | |
Nov 03 1994 | FIRST UNION NATIONAL BANK OF NORTH CAROLINA | Exide Electronics Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 007249 | /0488 | |
Feb 18 1999 | Exide Electronics Corporation | POWERWARE SYSTEMS, INC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 011170 | /0786 | |
Apr 28 1999 | POWERWARE SYSTEMS, INC | Powerware Corporation | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 011455 | /0594 |
Date | Maintenance Fee Events |
Nov 23 1987 | M170: Payment of Maintenance Fee, 4th Year, PL 96-517. |
Nov 25 1991 | M171: Payment of Maintenance Fee, 8th Year, PL 96-517. |
Dec 19 1991 | ASPN: Payor Number Assigned. |
Jun 25 1996 | REM: Maintenance Fee Reminder Mailed. |
Nov 17 1996 | EXP: Patent Expired for Failure to Pay Maintenance Fees. |
Date | Maintenance Schedule |
Nov 20 1987 | 4 years fee payment window open |
May 20 1988 | 6 months grace period start (w surcharge) |
Nov 20 1988 | patent expiry (for year 4) |
Nov 20 1990 | 2 years to revive unintentionally abandoned end. (for year 4) |
Nov 20 1991 | 8 years fee payment window open |
May 20 1992 | 6 months grace period start (w surcharge) |
Nov 20 1992 | patent expiry (for year 8) |
Nov 20 1994 | 2 years to revive unintentionally abandoned end. (for year 8) |
Nov 20 1995 | 12 years fee payment window open |
May 20 1996 | 6 months grace period start (w surcharge) |
Nov 20 1996 | patent expiry (for year 12) |
Nov 20 1998 | 2 years to revive unintentionally abandoned end. (for year 12) |